AndroBugs Security

Our Responsibility

Once we have found any vulnerabilities in your apps, we will give you a complete and detailed description to help you solve the potential security issues. If necessary, we will give you the PoC code to demonstrate the effect of the vulnerabilities we have found in your app.

Android App ≠ Web App

For web apps, you can fix the security issues immediately on your server. But for Android apps, your apps may have already been deployed to more than hundreds of thousands of devices by the time you find vulnerabilities.

No Source Code

To protect the code safety of your app, you DO NOT need to give us your Java or C/C++ source code. You only need to give us your Android APK file.

Keeping It Confidential

If we find any vulnerabilities in your Android app, we will keep it confidential and will never publicly disclose it unless you allow us to do.

It All Depends On You

We closely cooperate with you, give you suggestions and complete steps to solve the security issues. But it all depends on you to make the changes or not.

Not Only Security

We not only give you the vulnerabilities mitigation advices, but also give you performance improvement suggestions and preferable settings in your apps.

3rd-party Libraries

How do you know if one day you are hacked by HeartBleed vulnerabilities because you use the 3rd-party library - OpenSSL?
AndroBugs also helps you check the security of the 3rd-party libraries you are using.

No More Hackers

We have several techniques to help your app against Reverse Engineering or being repackaging by hackers.

Our Responsible Disclosure:

We found security issues in Android products or mobile web apps by the following companies and made responsible disclosure about them.
You can now find our name("AndroBugs" or "Yu-Cheng") on their Security Hall of Fame or Acknowledgement List.

Company	Hall of Fame (or Acknowledgement List)	Additional Information
If you do not want your company listed here, please contact us.
Google Android	https://source.android.com/devices/tech/security/acknowledgements.html	Including Google Chrome and apps in AOSP.
Facebook	https://www.facebook.com/whitehat/thanks/	Android SDK by Facebook and Facebook Bug Bounty Payment Website
Twitter	https://hackerone.com/twitter/thanks	Twitter Mobile Web
Microsoft	http://technet.microsoft.com/en-us/security/cc308589 http://technet.microsoft.com/en-us/security/cc308575	Including Office Mobile and Bing
Yahoo!	https://hackerone.com/yahoo/thanks
Alibaba(阿里巴巴)	http://security.alibaba.com/top.htm?time=201404	Security issues in Taobao and Alipay. Rank top 4 in April, 2014.
Evernote	http://evernote.com/security/
AT&T	https://bugbounty.att.com/hof.php	Rank top 10 in 2Q2015 & 2Q2014.
Yandex	https://yandex.com/bugbounty/hall-of-fame/all/	Including iOS app by Yandex.
Badoo	http://corp.badoo.com/security-board/
Sony	https://secure.sony.net/hallofthanks
Sina(新浪微博)	http://sec.sina.com.cn/Hero/index?year=2014&month=4	Rank top 8 in April, 2014.
Mail.Ru	https://hackerone.com/mailru/thanks
Baidu(百度)	http://www.wooyun.org/bugs/wooyun-2014-054438
Tencent(腾讯)	A vulnerability in Android SDK by Tencent.
VK	https://hackerone.com/androbugs
Wickr	Several vulnerabilities in Wickr Android.
Indeed	https://bugcrowd.com/indeed/hall-of-fame
Tesla Motors	https://bugcrowd.com/tesla/hall-of-fame
Spotify	https://bugcrowd.com/spotify/hall-of-fame
LINE WhosCall	A vulnerability in LINE WhosCall.
Tumblr	https://hackerone.com/androbugs

#	Company	Security Case
1	Facebook	Vulnerability in Facebook app allows hackers to steal access tokens and hijack accounts
2	WhatsApp	Hole In WhatsApp For Android Lets Hackers Steal Your Conversations
3	Evernote	Evernote Android Insecure Password Change (one-click setup)

AndroBugs.com